Dell PowerScale OneFS 9.x celog log injection CVE-2023-22575
CVE-2023-22575 Published on February 1, 2023

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Products Associated with CVE-2023-22575

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-22575 are published in Dell Emc Powerscale Onefs:

Dell Emc Powerscale Onefs

Affected Versions

Dell PowerScale OneFS:

Before and including 9.1.0.0 through 9.1.0.26 is affected.
Before and including 9.2.1.0 through 9.2.1.19 is affected.
Before and including 9.4.0.0 through 9.4.0.10 is affected.

Exploit Probability

EPSS

0.33%

Percentile

55.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.